IntroductiontoIOS-XR6 - cisco.com ID ©2016**Ciscoand/oritsaffiliates.*All ... • Provide visibility into the device through machine friendly ... Plane Admin$ Plane Third Party

Introduction to IOS-XR 6.0Joachim Jerberg Jensen – [email protected] Engineer, Global Service ProvidersCCIE SP #42403

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation ID

• Introduction• Software Architecture Overview• Flexible Packaging• Application Hosting• Configuration, Monitoring and Troubleshooting• Conclusions

Agenda

2


Introduction

3


… coming to a platform closer to you

4

Q4 CY15 Q2 CY16 Q4 CY16

NCS5508

NCS5001

NCS5002

NCS1002

NCS5502

NCS5011

ASR9000(*)

NCS1002 w/ macsec

NCS 6000

In development

Not committed yet

NCS5501

* On ASR9k, 32-bit QNX images and 64-bit linux images will be supported

Cisco Confidential 5© 2015 Cisco and/or its affiliates. All rights reserved.

Guiding Principles for IOS-XR operational enhancements

Bring Your own Application• Provide a platform on which customers can host their apps (3rd party apps,

customer apps, cisco apps)

Automatable interfaces• Provide visibility into the device through machine friendly interfaces

Open architecture à Decrease tool chain variance• Fit into customer’s operational workflow


Pillars of IOS-XR operational enhancements

Evolved Programmability

Flexible Platform and Packaging

Application Hosting

• Data accessible via published model driven interfaces• Machine friendly• Enables automation @ scale

• Packages can be inspected on box using standard tool chain (RPM tools)• Automated package dependency checkers• Open Bootloaders (iPXE) and end-to-end auto-provision

• Ability to run 3rd party off the shelf applications built with Linux tool chains • Run custom applications inside an LXC container on the 64-bit Linux host

Visibility & Telemetry

• Operational Data, Deep analytical hooks• Policy-based, flexible, Push Model


Software Architecture

7

IOS XR 6.0 introduces a new software infrastructure offering

• 64-bit OpenEmbedded Linux support.Ø Processes containerization.Ø Brings in standard Linux toolchain.Ø Third-Party Applications Support.

• NCS 5500, NCS 5000 and NCS1002 will support only 64-bit Linux

• ASR 9000 will still have 32-bit QNX support

8

X86 Hardware64 bit Linux

Control Admin

NPU

SystemAdmin

SystemControl

Classic XR XR 6.0

32 bit QNX

Introduction to Containers• LXC (LinuX Containers) let you run a Linux system within another Linux system.

• A container is a group of processes on a Linux machine.

• Those processes form an isolated environment.

• Inside the container, it looks like a Virtual Machine.

• Outside the container, it looks like normal processes running on the system.

• Containers look like Virtual Machines, but are more efficient. 9

X86 Hardware

Operating SystemHypervisor

Traditional VirtualizationApp

Lib

OS

…

…

App

Lib

OS

App

Lib

OS

App

Lib

OS

X86 HardwareOperating System

Containers

Why Containers?• They are Fast Deploy and Boot in less than one Second vs Minutes for Virtual Machines

• They are Lightweight Only a few MB of Disk Space per Container vs several hundred MB for traditional Virtual Machines.

• They provide Similar Services as VMs Each container has:

10

• Its own network interfaces- Can be bridged, routed... just like with KVM.

• Its own filesystem- e.g.: RedHat host can run Debian container.

• Isolation (security)- Two containers can't harm (or even see) each other.

• Isolation (resource usage)- Soft & Hard quotas for RAM, CPU, I/O.

X86 Hardware

Operating System

…App

Lib

OS

App

Lib

OS

LXC1 LXC2

Linux Containers – Kernel Requirements• To create a virtual environment, containers use the following kernel features.

11

X86 Hardware

Operating System

…App

Lib

OS

App

Lib

OS

1. Namespaces: Partition essential kernel structures to create virtual environments:• pid (processes)

• net (network interfaces, routing...)

2. Control Groups: Limit, account, and isolate resource usage:• Exposed through a virtual filesystem

3. Chroot: operation that changes the apparent root directory of the container process.

IOS-XR Container Architecture

12

Routing Processor

64-‐bit Host OS

ControlPlane

Admin Plane

ThirdParty

Modular Router

Fabric Line Card

ControlPlane

Admin

Plane

64-‐bit Host OS

Fixed Router

Routing Processor

64-‐bit Host OS

ControlPlane

Admin Plane

ThirdParty

Fabric

Front Panel

LXC LXC LXC

LXCLXC

IOS-XR Container Roles: The Host• Runs Yocto based 64-bit Open Embedded Linux kernel.• Built using Windriver 7

• The main functions of the host are:• Interact directly with the underlying hardware.

• Provide kernel services for the containers.

• Provide libraries, tools, and utilities to help launch, monitor, and maintain containers.

• Provide the network infrastructure to allow containers to communicate.

13

Routing Processor

64-‐bit Host OS

ControlPlane

Admin Plane

ThirdParty

IOS-XR Container Roles: The Control Plane• The heart of IOS-XR 6.0

• Runs a Yocto based 64-bit OELinuxcomposed of 2 types of packages:1. Cisco developed packages for core

network functions (BGP, MPLS, etc.)2. Yocto packages for standard Linux

tools and libraries (bash, python, tcpdump, etc.).

14

Routing Processor

64-‐bit Host OS

ControlPlane

Admin Plane

ThirdParty

IOS-XR Container Roles: The Admin Plane• Runs a Yocto based 64-bit Linux.

• Provides services that were originally provided by the admin mode of XR.

• Runs processes responsible to perform system diagnostics, monitor environmental variables, and manage hardware components.

• First container to be booted by the host, and is responsible for the start and maintenance of all the other containers in the system.

15

Routing Processor

64-‐bit Host OS

ControlPlane

Admin Plane

ThirdParty

IOS-XR Container Roles: Third Party

16

• Runs any 64-bit Linux distribution.

• Launched from the XR container using virsh and libvirtd.

• Access Network Interface through the Third Party Network Name Space (TPNNS).

Routing Processor

64-‐bit Host OS

ControlPlane

Admin Plane

ThirdParty

XR Boot Process• XR 6.0 image will be released in the form of bootable self-extracting ISOs• Similar to any Linux distribution.

• NCS 5000 and 5500 possess a BIOS that offers NetBooting using iPXE.• iPXE is an open-source network boot firmware that supports:1. Booting from HTTP/HTTPS.2. Controlling the boot process via scripts.3. Performing image validation.

• XR 6.0 comes with an Auto-Provision process• Executed at the end of the control-plane boot sequence.• Executed inside the Shell.• Can execute Scripts or apply Static Configuration.

17


IOS-XR Boot Process with iPXE

18

HTTP SERVER

IP addressNext-server

Filename=http://<http-srv>/image-new.ISO

DHCP SERVER

Image-new.ISO

IP addressNext-server

Filename=http://<http-srv>/AutoProv-SN.shor

Filename=http://<http-srv>/Config-SN.txt

script-SN.sh

config-SN.txt

Apply Configuration Execute script

AdditionalScripts

Packages, etc…

XR Boot

AutoProvisionexecution

iPXEboot

XR Install

N

iPXE

Y

1

2

3

GET script-SN.sh or config-SN.txt4

GET addon scripts/packages/configuration5


Single DHCP Server Configuration

19

host NCS5500-rp0 hardware ethernet e4:c7:22:be:10:ba;;fixed-address 192.168.0.10;;If exists user-class and option user-class = "iPXE"

# Image request, provide ISOfilename "http://192.168.0.10/images/ncs5500 -mini-x.iso-r6.0.0 ";;

elsif exists user-class and option user-class = "exr-config" # Auto-provision request, provide script or configurationfilename "http://192.168.0.10/scripts/ncs5500-rp0.sh";;

DHCP option 77

DHCP option 67


• Management Ethernet 0 and 1 is mapped to IOS-XR Permanently

• Console port uses Console mux feature (By using CTRL+O we can switch between the HOST OS(Linux), Admin LXC and XR LXC

NCS 5000 on board ports


• NCS5K BIOS can be accessed by either pressing “esc” or “F12” Key when Box is Powered.

• It will list out following options

(1) UEFI: SMART eUSB HS-SD/MMC (Internal Disk)

(2) UEFI: Sony Storage Media 0100 (External USB )

(3) UEFI: Built-in EFI IPXE

(4) UEFI: Built-in EFI Shell

• Boot order can be Changed on the BIOS Menu

NCK5K BIOS


• Download the uncompressed image file in external USB.

• It contains folder structure with following files

EFI/Cisco/ncs5k-mini-x.iso

\EFI\Cisco\grub.efi

\EFI\Cisco\bootx64.efi

\EFI\Cisco\grub.cfg

Boot With External USB


What will you seeiPXE in action

iPXE 1.0.0+ (3e573) -- Open Source Network Boot Firmware --http://ipxe.orgFeatures: DNS HTTP TFTP VLAN EFI ISO9660 NBI MenuTrying net0...net0: c4:72:95:a6:14:e1 using dh8900cc on PCI01:00.1 (open)

[Link:up, TX:0 TXE:0 RX:0 RXE:0]Configuring (net0 c4:72:95:a6:14:e1).................. Ok << Talking to DHCP/PXE server to obtain network informationnet0: 1.37.1.101/255.255.0.0 gw 1.37.1.0net0: fe80::c672:95ff:fea6:14e1/64net0: 2001:1800:5000:1:c672:95ff:fea6:14e1/64 gw fe80::20c:29ff:fefb:b9fenet1: fe80::c672:95ff:fea6:14e3/64 (inaccessible)Next server: 1.37.1.235Filename: http://1.37.1.235/nkhade/skywarp-mini-x.isohttp://1.37.1.235/nkhade/skywarp-mini-x.iso... 58% << Downloading file as indicated by DHCP/PXE server to boot install image


Flexible Packaging

24


Networking Software Delivery Direction

• Server-like Workflows

• Modular, Disaggregated

• Integration with Stack

• Reduced Delivery Cycles

• Linux Operations

• Business Driven Packaging

• Programmatic Validation

• Targeted Validation

What How

RPM: XR New Package Format

• RPM Package Manager is the new Package format starting with IOS-XR 6.0.

• Packages are placed in a reachable repository and accessed via FTP/SFTP/SCP/TFTP or HTTP or pre-staged on the box

• Third Party packages are installed with RPM or YUM inside the Shell.

• IOS-XR packages are installed with “install update/upgrade”.

• Install commands are a wrapper around YUM to provide multi-arch support.

• Both YUM and install commands provide dependency verification/resolution.

26


Anatomy of RPM Packages

27

Archive

MetaData

Scriptlet

RPM

Describe package contentsInstall structureDependencies

Pre and Post Install Instructions

CPIO binary Archive

/var/lib/rpm

Database of installed packages


XR Packages Naming Convention

28

<name>-<version>-<release>.<architecture>.rpm

ncs5500-mpls-1.0.0.0-r600.x86_64.rpm

SMU <name>-<version>-<release>.<defect>.<architecture>.rpm

ncs5500-mpls-1.0.0.1-r600.CSCab12345.x86_64.rpm

Package


Platform

Release

XR Software

Package Repository

29

XR SMUs

Mini ISO+

Pkgs

Mini ISO+

k9 pkg+

Pkgs

Svc Pak

DDTS SMU

DDTS SMUs

ncs-5500-mpls-te-rsvp-1.1.0.0-r60017L.x86_64.rpm

ncs-5500-bgp-1.0.0.0-r60017L.x86_64.rpm

ncs-5500-eigrp-1.0.0.0-r60017L.x86_64.rpm

ncs-5500-k9sec-1.0.0.0-r60017L.x86_64.rpm

ncs-5500-mgbl-2.0.0.0-r60017L.x86_64.rpm

ncs-5500-mpls-1.1.0.0-r60017L.x86_64.rpm

ncs-5500-m2m-1.0.0.0-r60017L.x86_64.rpm

6.0.0.17L

<REPO_ROOT>

ncs-5500-mini-x.iso-6.0.0.17L.iso

www.cisco.com Local Repository

ncs-5500-mpls-1.1.0.1-r60017L.CSCab12345.x86_64.rpm

Full K9 ISO

Full ISO

Updating XR Packages

Command Line Behaviorinstall update source <repository> No package specified, update latest SMUs of all

installed packagesinstall update source <repository> ncs5500-mpls Package name specified, will install that package,

update all latest SMUs of that package(s) (along with its dependencies).

install update source <repository> ncs5500-mpls-1.0.0.1-r622.CSCab12345.x86_64.rpm

SMU installation: the SMU will be downloaded and installed (along with its dependent SMUs).

install update source <repository> ncs5500-mpls-1.0.2.0-r622.x86_64.rpm

Asynchronous package upgrade, that package will be installed (along with its dependent SMUs).Available in future release

30

Upgrading XR Packages

Command Line Behaviorinstall upgrade source <repository> version 6.1.1 Upgrade the base image to the specified version.

All installed packages will be upgraded to same release as the base package.

install upgrade source <repository> version 6.1.1 ncs5500-mpls-1.0.2.0-r623.x86_64.rpm

Perform install upgrade and install update for a specific package(s) in one operation.

31


PIE Install RPM Install

• No dependency management

• Offline process required to copy packages

• Require multiple operations• install add• install activate• install commit

• CSM for package content

• Dependency management

• Online process over secure transport

• Single operation• install update or install upgrade

• On-box / Off-box package inspection using rpm tool• Description• Dependencies• Content

32

Installing and Updating Third Party Packages• Third Party Packages are traditional Linux tools available from the Shell• Communication: lighttpd ,openssh, wget, curl, etc.• Programing: python, ruby, perl, etc.• Utilities: sed, gawk, tar, gzip, vi, etc.

• Additional packages provided by vendors (No Cisco Support)• Chef• Puppet

• Installed using yum or rpm

33

yum-config-manager --add-repo=http://192.168.0.254/XR/6.0.0yum install chef –y


Application Hosting

34

Third Party Network Name Space• Provide visibility of fabric attached interfaces outside of XR CLI.

• Available to processes in the XR containers or Third Party containers.

• Requires that the interface is Up with a valid IP address.

• Routing handled by XR.

35

Routing Processor

Control Plane Admin Plane Third PartyTPNNS TPNNS

64-bit Host OSTPNNS

MgmtGigTenGigHunGig

MgmtGigTenGigHunGig

InternalIPC

Interfaces

[xr-vm_node0_RP0_CPU0:~]$ip netns exec tpnns bash

Third Party Container Application Workflow

• Create the Container archive on a Linux Server.

• Copy the archive file to /misc/app_host.

• Unarchive in a rootfs directory.

• Create XML file specifying LXC parameters.

• Run virsh command.

36

Routing Processor

64-‐bit Host OS

ControlPlane

Admin Plane

ThirdParty

virsh –c lxc+tcp://10.11.12.15:16509 create <XML File>

Create1

Deploy2 Launch3


Configuration, Monitoring and Troubleshooting

37


Streaming Telemetry: Introduction

38

sensing & measurement

Where Data Is Created Where Data Is Useful

syslog

SNMP

CLIstorage & analysis

Streaming TelemetryDesign Vision

• Get as much data off the box as quickly as possiblePerformance

• Grant full access to all operational data on the boxCoverage

• Serialize the data in a flexible, efficient way that fits customers automated toolsAutomation

39

Telemetry• Common modeling language: Goal is YANG (experimental SysDB name space in 6.0)• Describes monitoring data structure and attributes

• Push Model• Stream data continuously with incremental updates based on subscriptions

• Data delivery:• JSON (compressed) inside TCP.• Google Protocol Buffer inside UDP.• Google Protocol Buffer inside gRPC.

• Observe network state through a time-series data stream

40


Streaming Telemetry Model

41

XR Control Plane

Host OS

TelemetryPolicy

TelemetryAgent

Namespace

TelemetryReceiver

TelemetryConfiguration

• Telemetry Configuration• Described in JSON.• Define one or multiple collection group(s).

• Each group contains a rate and a pointer to one or multiple objects in the experimental SysDB path (6.0 only)

• Telemetry Policy• Define the encoder, transport and the receiver(s) for each policy.

• Telemetry Agent• XR process that runs automatically and looks for registered policies to act on.


"Name": "GenericCounters","Metadata": "Version": 25,"Description": "This is a sample policy to demonstrate the syntax","Comment": "This is the first draft","Identifier": "<data that may be sent by the encoder to the mgmt station>"

,"CollectionGroups": "FirstGroup":"Period": 30,"Paths":["RootOper.InfraStatistics.Interface([*]).Latest.GenericCounters"]

Streaming Telemetry Example

42

Network Configuration Protocol (NETCONF)

43

SSH ClientsSSH

RPC calls are divided in 4 groups of methods: Retrieve, Configure, Copy, and Delete.Additional methods can be supported

Networking Device

• NETCONF provides mechanisms to install, manipulate, and delete device configuration.

• It uses an XML based data encoding for the configuration data as well as the protocol messages.

• NETCONF protocol operations are realized as remote procedure calls (RPCs) over SSH.

Retrieve, Configure, Copy, and Delete


Programmatic Interface

44

XR YANG

SSHdXR

Programmatic Interface

SSHProxyServer

NETCONFAgent

YANGFramework

RESTCONFAgent

WebServer

SysDBClientLibrary

SysDB

BackendApps

ConfigurationManager

Secure Transport

ConnectionOriented

RPC-based communication

model

NegotiateCapabilities


Conclusions

45

Key Takeaway• No Change in traditional CLI Operation• In 6.0, available on NCS-5500, NCS-5000 and NCS1000 Platform• In 6.1.1, available on ASR9k (traditional 32-bit QNX offering will still be supported)

• Operational enhancement for Automated Operations• Operating System change for Open Source tooling

46


IOS XR 6.0 Operational Enhancements

47

Visibility & Telemetry

Evolved programmability

Application Hosting

Flexible Platform & Packaging

IOS XR 6.0

We’re ready. Are you?

Introduction*to*IOS-XR*6 - cisco.com ID ©*2016**Cisco*and/or*itsaffiliates.*All ... • Provide visibility into the device through machine friendly ... Plane Admin$ Plane Third Party

Documents

IntroductiontoIOS-XR6 - cisco.com ID ©2016**Ciscoand/oritsaffiliates.*All ... • Provide visibility into the device through machine friendly ... Plane Admin$ Plane Third Party